| Message ID | 20260618110111.3484982-1-sivakumar.bs@gmail.com |
|---|---|
| State | Under Review |
| Series | sudo: fix pam-wheel sed pattern for updated sudoers format |
diff --git a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb index 7dfa0cef6c..489c0db09d 100644 --- a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb +++ b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb @@ -37,7 +37,7 @@ do_install:append () { install -D -m 644 ${UNPACKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers fi fi
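
Review bot: The replaced sed line in do_install:append() still exits successfully when its pattern matches nothing, which is the same silent failure the commit message describes, so a later upstream change to the sudoers template would again leave %wheel commented out with no build error. Consider following the sed with a check such as `grep -q '^%wheel ALL=(ALL:ALL) ALL' ${D}${sysconfdir}/sudoers || bbfatal "wheel entry not enabled in sudoers"`, so the recipe fails loudly when pam-wheel is selected but the entry was not uncommented. Anchoring the sed pattern at line start with `^` would also keep it from matching the text anywhere else on a line.
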
Upstream sudo's plugins/sudoers/sudoers.in changed the commented-out wheel group entry from:

    # %wheel ALL=(ALL) ALL

to:

    # %wheel ALL=(ALL:ALL) ALL

(an explicit runas group spec was added).

The do_install:append() sed that enables the wheel group when DISTRO_FEATURES contains 'pam' and PACKAGECONFIG contains 'pam-wheel' still searched for the old pattern, so it silently failed to match: the wheel group was left commented out and never granted sudo access even though pam-wheel was enabled.

Update the sed pattern to match the current upstream wording. The trailing "ALL" anchor keeps it specific to the plain entry and still correctly leaves the separate "NOPASSWD: ALL" wheel line commented.

Verified with a sudo build (DISTRO_FEATURES += pam, PACKAGECONFIG += pam-wheel): the installed /etc/sudoers now has %wheel ALL=(ALL:ALL) ALL uncommented, while "# %wheel ALL=(ALL:ALL) NOPASSWD: ALL" stays commented.

[YOCTO #16321]

Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>

---

    meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)